package com.sy.demo.controller;

import com.sy.mvcframework.annotations.MyAutowried;
import com.sy.mvcframework.annotations.MyController;
import com.sy.mvcframework.annotations.MyRequestMapping;
import com.sy.demo.service.DemoService;
import com.sy.mvcframework.annotations.Security;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * @author songyi
 * @date 2020/6/13 0013 16:28
 * @description
 */
@MyController
@MyRequestMapping("/demo")
// "zhangsan","lisi"都有这个类的访问权限
@Security({"zhangsan","lisi"})
public class DemoController {

    @MyAutowried
    private DemoService demoService;

    /**
     * 该方法上没有 @Security 注解，就以类的 @Security 为准
     * 所以"zhangsan","lisi"都有权限
     * url：http://localhost:8080/demo/query?username=zhangsan
     * @param request
     * @param response
     * @param name
     * @return
     */
    @MyRequestMapping("/query")
    public String getName(HttpServletRequest request, HttpServletResponse response, String name) {
        return demoService.get(name);
    }

    /**
     * 该方法上有 @Security 注解，只有"zhangsan"有权限访问，"lisi"没有权限访问
     * url：http://localhost:8080/demo/query1?username=zhangsan
     * @param request
     * @param response
     * @param name
     * @return
     */
    @MyRequestMapping("/query1")
    @Security({"zhangsan"})
    public String query1(HttpServletRequest request, HttpServletResponse response, String name) {
        return demoService.get(name);
    }

}
